Equifax has a lot of data about you. This data could have a significant impact on your life.
Equifax is among the largest data brokers in the United States and one of three major credit reporting agencies. It collects and assesses consumer credit information through around 10,000 different companies or information “furnishers.”
This data is then sold to financial institutions, employers, and marketers, but as demonstrated by numerous security issues, it can also end up in the hands of cybercriminals.
Below is a quick history of Equifax privacy and security issues, as well as steps you can take to protect your privacy.
Equifax Privacy and Security Issues
The 2017 data breach is well known, but Equifax has had other security and privacy failings. Below are some of them.
1970: First warnings of personal data collection and sale
Equifax has been collecting personal information about individuals for decades. In 1970, when it was still known as Retail Credit Company, Columbia University professor Alan Westin wrote about the company’s practices in the New York Times.
The files the company kept on people, Westin said (as reported in a Wired article), “may include ‘facts, statistics, inaccuracies and rumors’ … about virtually every phase of a person’s life; his marital troubles, jobs, school history, childhood, sex life, and political activities.”
Consumers had no way to see what these files contained. Most didn’t know they existed.
That same year, Retail Credit Company was about to start computerizing its files, something that Westin found particularly worrying. He said the step would threaten civil liberties and privacy because access to people’s most personal information would become so simple.
Westin went on to testify on the subject before Congress, and these hearings reportedly contributed to the passage of the Fair Credit Reporting Act toward the end of 1970. Some people also believe that this encouraged the Retail Credit Company to change its name to Equifax as a way to start “fresh.”
2016: Equifax ignores a security vulnerability
In 2016, a security researcher notified Equifax of a serious security hole: an online portal that was supposed to be accessible to Equifax employees only was exposed to the entire internet.
Anyone could find personal information about Equifax customers by simply putting in a search term, wrote the Motherboard.
The vulnerability was not patched for six months, by which time the notorious 2017 breach (described below) had already occurred. This puts into sharp focus the lax security that companies that collect consumers’ personal information have.
2017: Data breach and exposure of American salary information
In early September of 2017, Equifax announced a data breach that had been discovered in late July, potentially exposing personally identifiable information (PII) of 143 million consumers across the U.S., U.K., and Canada.
As reported by KrebsonSecurity, Equifax’s lack of security within TALX (pronounced “Talks”), one of their subsidiaries, has made it easy for hackers and ID thieves to access the employment and salary history of impacted individuals.
TALX provides payroll, HR, and tax services to employers online and operates as Equifax Workforce Solutions as of 2012. One of the popular features of TALX, known as “The Work Number,” allows for automated verification of employment and income used for prospective employers.
In May 2017, KrebsonSecurity recounted a security breach announced by TALX to its Work Number service, caused by unauthorized account access by hackers who were able to reset account PINs by successfully answering account security questions.
By gaining access to this database, hackers can easily obtain, record, and index work and salary histories of the 143 Equifax hack victims announced in September 2017, using the PII that was breached and released during the July 2017 breach.
Threats of identity theft should not be taken lightly, as illustrated by Katie Van Fleet, the Seattle woman who’s claimed to have had her identity stolen 15 times since the Equifax breach. Additionally, it can take months or years to fully recover from being a victim of identity theft due to the extent that thieves have gone to in order to secure your identity.
2012 – Present
Ever since the Consumer Financial Protection Bureau database was put online, countless consumers have filed complaints against Equifax. For example, in 2022, there were 184,666 complaints filed by consumers against Equifax. This is a 24% increase from 2021.
The most common complaint is about inaccurate information. Another common complaint was the improper use of consumer credit reports, i.e., someone checking their credit score without getting their consent to do so first.
Unfortunately, getting inaccurate information fixed seems to be a struggle for many consumers. According to CBS News, one consumer wrote, “Hello my name is XXXX XXXX and XXXX have been reaching out to all three credit bureau’s via mail trying to resolve this debilitating issue for the past 7 months to no available.”
2022: Equifax sued for inaccurate credit scores
In 2022, a coding error at Equifax led to some consumers applying for home and car loans being given an erroneous credit score. In at least one case, the inaccurate score is said to have led to a pricier auto loan.
Steps to Improve Equifax Privacy
The good news is that Equifax gives consumers the option to take control of their personal information.
Through Equifax’s online portal, you can do the following:
- Ask Equifax to see the kind of personal information they’ve collected about you.
- Ask Equifax to delete your personal information.
- Ask Equifax to correct inaccurate information about you.
- Ask Equifax to limit whom it shares your personal information with.
- Ask Equifax to stop sharing your personal information with third parties.
For step-by-step instructions on how to remove yourself from Equifax, follow our guide.